On Tue, Jun 3, 2014 at 12:47 PM, Nguyễn Văn Hớn wrote:
> Hi Dan. I have add [USB Storage Inserted] [any] []
> r:HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum -> Count -> !0; to
> file win_audit_rcl.txt: on agent XP. and i restart agent and server. but
I think you should be adding that to
Hi Dan. I have add [USB Storage Inserted] [any] []
r:HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum -> Count -> !0; to
file *win_audit_rcl.txt*: on agent XP. and i restart agent and server. but
when i attached USB storage, nerver alert to send to server.
I have to make wtih link
http://o
On Tue, Jun 3, 2014 at 12:27 PM, dan (ddp) wrote:
> On Tue, Jun 3, 2014 at 11:57 AM, Nguyễn Văn Hớn wrote:
>> Hi every body. i have to make with link
>> http://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage-with-ossec/
>> but it is not running.
>
> What is not running? Did you restart t
On Tue, Jun 3, 2014 at 11:57 AM, Nguyễn Văn Hớn wrote:
> Hi every body. i have to make with link
> http://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage-with-ossec/
> but it is not running.
What is not running? Did you restart the OSSEC processes after making
these changes on the manage
Hi every body. i have to make with
link
http://blog.rootshell.be/2010/03/15/detecting-usb-storage-usage-with-ossec/
but it is not running.
and
link
http://ossec-docs.readthedocs.org/en/latest/manual/monitoring/process-monitoring.html
but is not running.
i want to create active response whe
